DoS with onBlur="alert('doh!'); focus();"

RESOLVED WORKSFORME

Status


Core
DOM: Core & HTML
--
critical
RESOLVED WORKSFORME
13 years ago
6 years ago

People

(Reporter: Karl Grindley, Unassigned)

Tracking

Trunk
All
Windows XP

Details

(Whiteboard: [sg:dos], URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6

By using the onBlur in the body tag, an alert call, and focus() tag, you can
lock the browser and prevent the user from closing a window indefinitely, until
the browser process is killed and restarted.

Linux versions of Firefox seem to segfault and die.  Windows goes forever.

Reproducible: Always

Steps to Reproduce:
1. Go to a site with the onBlur body tag
2. Try to close the window!
3.

Actual Results:  
browser window

Expected Results:  
User should have the ability to kill a browser window, no matter what
HTML/JavaScript
(Reporter)

Comment 1

13 years ago
Here's a version of the offending JavaScript:

<body bgcolor="#FFFFFF" onBlur="alert('doh!'); focus();">
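
A heuristic check for the pattern reported here, as an added example that is not part of the original report or of Mozilla's code: it flags blur handlers that both open a modal dialog and call focus(). The function names and all sample markup other than the reported `<body>` tag are constructed for illustration.

```javascript
// Added example (not from the bug report): heuristic scan for the
// blur -> modal dialog -> focus() loop described in this bug.
const DIALOG = /\b(?:alert|confirm|prompt)\s*\(/; // modal dialog steals focus
const REFOCUS = /\bfocus\s*\(/;                   // handler takes focus back

// Source of the brace-delimited block starting at the first "{" at or after `from`.
function braceBlock(src, from) {
  const start = src.indexOf("{", from);
  if (start < 0) return "";
  let depth = 0;
  for (let i = start; i < src.length; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}" && --depth === 0) return src.slice(start, i + 1);
  }
  return src.slice(start); // unbalanced: still inspect what is there
}

// Collect blur handler bodies from inline onblur="..." attributes and from
// `x.onblur = function ...` or addEventListener("blur", ...) in scripts.
function blurHandlers(html) {
  const bodies = [];
  for (const m of html.matchAll(/\bonblur\s*=\s*(?:"([^"]*)"|'([^']*)')/gi)) {
    bodies.push(m[1] !== undefined ? m[1] : m[2]);
  }
  const scripted = /\bonblur\s*=(?!=)(?!\s*["'])|addEventListener\s*\(\s*["']blur["']/gi;
  for (const m of html.matchAll(scripted)) {
    bodies.push(braceBlock(html, m.index + m[0].length));
  }
  return bodies.filter((body) => body.length > 0);
}

// A handler is flagged only when it both opens a dialog and re-takes focus.
function findFocusTraps(html) {
  return blurHandlers(html).filter((b) => DIALOG.test(b) && REFOCUS.test(b));
}

// Constructed samples; `reported` is the tag quoted in this bug.
const SAMPLES = {
  reported: `<body bgcolor="#FFFFFF" onBlur="alert('doh!'); focus();">`,
  benignBlur: `<input onblur="validate(this)">`,
  dialogOnly: `<body onblur="alert('bye')">`,
  scripted: `<script>window.onblur = function () { confirm('stay?'); window.focus(); };</script>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, findFocusTraps(html));
}
```

The scan is textual: it does not decode HTML entities or follow a handler assigned by function name, so treat a clean result as "nothing obvious", not as proof.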

Comment 2

13 years ago
I don't see this problem on Mac with
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6

This might be a dup of bug 61098.
I could reproduce on Windows. Not if the page was the only thing loaded, but
when I hit ctrl-T to open a new tab I was locked.

Deer Park didn't have much of a problem: I got the alert loop two or three times
but then focus rested with the browser and I was able to click the close tab
button or close window button (if I touched something else I started the loop
again).
Group: security
Depends on: 61098
Whiteboard: [sg:dos]
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 4

12 years ago
Also present in Seamonkey 1.0, WinXP.
Pretty serious problem.
Windows won't even let you force-close it from the taskbar because it has a responding window showing (the dialog). You need to open task manager and find the browser there.

Updated

12 years ago
Assignee: nobody → general
Component: General → DOM: Level 0
Product: Firefox → Core
QA Contact: general → ian
Summary: Denial of service on browser that can be easilly introduced by simple html and javascript → DoS with onBlur="alert('doh!'); focus();"
Version: unspecified → Trunk

Updated

10 years ago
Blocks: 246377
Assignee: general → nobody
QA Contact: ian → general

Comment 5

7 years ago
I think this is no longer an issue after Bug 61098 fix...
This is WFM with a current Seamonkey trunk
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME